The CrowdStrike Falcon integration allows you to pull and update Detections/Incidents, and search Incidents/Devices/Detections.
13
+
The CrowdStrike Falcon integration allows you to pull and update Alerts/Incidents, and search Incidents/Devices/Alerts.
14
14
15
15
## Actions
16
16
17
17
***Alerts CrowdStrike Falcon Daemon***(Daemon)* - Daemon to pull CrowdStrike Alerts.
18
18
***Close CrowdStrike Incident***(Containment)* - Close the state of the CrowdStrike Incident.
19
19
***Create Indicators***(Containment)* - Create the Indicators.
20
-
***Detections CrowdStrike Falcon Daemon***(Daemon)* - Daemon to pull CrowdStrike Detections.
21
20
***Device Actions***(Containment)* - Take various actions on the hosts in your environment.
22
21
***Get Browser History***(Enrichment)* - Get user Browser history.
23
22
***Get Endpoint***(Enrichment)* - Get details on one or more hosts by providing agent IDs.
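Review bot: The rewritten intro sentence and the Actions list drop Detections without telling a reader who still has playbooks calling "Detections CrowdStrike Falcon Daemon" where to go next. Consider adding one sentence under the intro stating that the Detections actions were replaced by the Alerts actions in v1.18 and pointing to the change log, so the removal is discoverable from the top of the page and not only from the final change log line.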
@@ -30,10 +29,8 @@ The CrowdStrike Falcon integration allows you to pull and update Detections/Inci
30
29
***Query Devices By Filter***(Enrichment)* - Search for hosts in your environment by platform, hostname, IP, and other criteria.
31
30
***Retrieve Alert Details***(Enrichment)* - Get details for a specific CrowdStrike Alert.
32
31
***Search into Alerts***(Enrichment)* - Retrieves all Alerts IDs that match a given query.
33
-
***Search into Detections***(Enrichment)* - Search for Detections that match a given query.
34
32
***Search into Incidents***(Enrichment)* - Search for incidents by providing an FQL filter, sorting, and paging
35
33
details.
36
-
***Update Detections***(Containment)* - Modify the state or assignee of Detections.
37
34
***Update Alerts***(Containment)* - Perform actions on Alerts identified by composite ID(s) in request.
38
35
39
36
## Category
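Review bot: With "Update Detections" removed, the remaining "Update Alerts" description ("Perform actions on Alerts identified by composite ID(s) in request") does not say which changes are possible, whereas the removed line said "Modify the state or assignee". If Update Alerts is the intended replacement, say so and name the fields it can change. In the same list, "Retrieves all Alerts IDs" in the Search into Alerts entry would read better as "Retrieve all Alert IDs", matching the imperative style of the neighbouring entries.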
@@ -57,13 +54,13 @@ import IntegrationTimeout from '../../../../reuse/automation-service/integration
57
54
58
55
***User (Client) Secret**. Enter the secret code for the API client, equivalent to a password. The secret is only visible to you at the time the API client is created. After that, it is not retrievable. If your client secret is ever lost, you can reset it to generate a new one.
59
56
60
-
***Filter Query (Detections Daemon)**. Enter the FQL-based filter to apply to the search for the detections daemon, for example, `max_severity:>10`
57
+
***Filter Query (Alerts Daemon)**. Enter the FQL-based filter to apply to the search for the Alerts daemon, for example, `max_severity:>10`
For information about CrowdStrike Falcon, see [CrowdStrike documentation](https://www.crowdstrike.com/en-us/resources/guides/?lang=1).
69
66
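Review bot: The example filter on the added "Filter Query (Alerts Daemon)" line, `max_severity:>10`, is carried over unchanged from the removed Detections daemon line. Please confirm that this field name is valid for the search the Alerts daemon performs; if the Alerts filter uses a different severity field, the example will lead users to configure a daemon filter that does not behave as intended. The added line also mixes "Alerts Daemon" and "Alerts daemon" and ends without a period.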
@@ -103,3 +100,12 @@ For information about CrowdStrike Falcon, see [CrowdStrike documentation](https:
103
100
* Retrieve Alert Details
104
101
* July 4, 2025 (v1.17) - Added new action
105
102
* Query Devices By Filter
103
+
* Sept 30, 2025 (v1.18) - CrowdStrike has deprecated Detections-based APIs, and these actions have now been replaced with Alerts-based actions to align with the latest API updates. Please migrate to the Alerts actions to ensure continued functionality.
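Review bot: The v1.18 entry says "these actions" were replaced but never names them. The v1.17 entry above lists the affected action as a sub-bullet ("Query Devices By Filter"); do the same here by listing each removed Detections action next to its Alerts replacement, so readers can map existing playbook steps one to one. Consider also spelling out "September" so the date style matches the "July 4, 2025" entry.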